That old “need to balance privacy and sharing” chestnut

October 25th, 2012 by Rob Navarro

The Cameron government has re-opened the debate on how much of our patient data is accessible to others who are not directly caring for us. Dame Fiona Caldicott has been tasked with the review and was just quoted as having been influenced by the NHS’ Future Forum question “where does the balance between privacy and sharing lie?”.

Whilst many a conference and report on health data sharing has concluded with the same question, we need not resort to such a desperate last measure. It would be a truly dismal world if, for the health economy to grow, a patient’s trust in their health data had to suffer. This is clearly an idea of “last resort”.

The reader will be pleasantly surprised to learn that in fact there is no need to sip from that poisoned chalice.

It turns out such “last resort” thinking is a product of staring at shared database designs (e.g. safe havens, shared warehouses, trusted data linking services etc.). Having picked this way to solve the problem, one finds oneself marched quickly to the aforementioned iniquitous balance. (“Do patients or the health economy matter more?”)

If instead one asks the question “how can we find potential research subjects whilst preserving patient privacy?” (say), then the floor is opened to more palatable solutions. In this case the patient qualifying criteria are sent to GP computers, and the GPs can then choose whether to contact their matching patients or not. Patients always have rights of refusal.

Now imagine the poor soul who simply copies a system design from banking and wants to build a database to find research subjects. This now needs to include everyone to ensure all rare characteristics are included (and some would argue to be unbiased). All UK patients! Lickety-split we are right back at the “balance question”.

That projects like the Research Capability Programme (now CPRD?) or Predictive Analytics for Commissioners (calling on new safe havens) hit the same “balance” question is not surprising. It doesn’t mean the question needs answering either!

What is called for (and I respectfully call out to Dame Caldicott to take note) is focused attention on how individual projects can get just the data they need. Some guiding principles that always help simplify matters:

1) Supply the least information that answers the question (“zero knowledge” techniques included)
2) Ensure the least number of people have access to the data for the smallest period of time
3) Patients always get quibble-free opt outs
4) De-identify the data when extracting from its “home” base (part of 1. above)
5) Attempt to measure the illicit re-identification risk to patients of each project

This kind of scheme makes it easy to seek patient or physician consent that is meaningful, because the purpose for collecting is singular and well understood (as are the names of staff accessing the data). Sometimes it also justifies opt-out if the re-identification risks are measurably low enough.
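
One way to act on principles 3 to 5 for a single project's extract, as an added example that is not part of the original post: opted-out patients are dropped, direct identifiers are removed and the rest coarsened, and risk is then measured as the size of each group sharing the same quasi-identifiers. The group-size measure, the choice of quasi-identifiers, the threshold `k`, the field names and the sample records are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records at the data's "home" base (no real patients).
# Fields: id, name, age, postcode, sex, diagnosis, opted_out
HOME = [
    ("A1", "P1", 34, "LS6 2AB", "F", "asthma", False),
    ("A2", "P2", 37, "LS6 3CD", "F", "asthma", False),
    ("A3", "P3", 31, "LS6 1EF", "F", "diabetes", False),
    ("A4", "P4", 52, "LS6 2AB", "M", "asthma", False),
    ("A5", "P5", 58, "LS6 4GH", "M", "copd", False),
    ("A6", "P6", 81, "YO1 7AA", "F", "asthma", False),
    ("A7", "P7", 45, "YO1 8BB", "M", "asthma", True),
    ("A8", "P8", 36, "LS6 9ZZ", "F", "asthma", True),
]
QUASI_IDS = ("age_band", "area", "sex")  # assumed quasi-identifiers


def deidentify(rec):
    """Drop direct identifiers and coarsen the rest (principles 1 and 4)."""
    _id, _name, age, postcode, sex, dx, _opted_out = rec
    low = age // 10 * 10
    return {"age_band": f"{low}-{low + 9}", "area": postcode.split()[0],
            "sex": sex, "dx": dx}


def extract(records):
    """Opted-out patients never leave the home base (principle 3)."""
    return [deidentify(r) for r in records if not r[6]]


def reid_risk(rows, k=3):
    """Size of each quasi-identifier group; small groups are easiest to single out."""
    groups = Counter(tuple(r[q] for q in QUASI_IDS) for r in rows)
    below = sum(n for n in groups.values() if n < k)
    return {
        "rows": len(rows),
        "min_group": min(groups.values(), default=0),
        "unique_rows": sum(1 for n in groups.values() if n == 1),
        "share_below_k": below / len(rows) if rows else 0.0,
    }


if __name__ == "__main__":
    print(reid_risk(extract(HOME)))
```

On this constructed sample half the extracted rows sit in groups smaller than `k`, which is the kind of measurable result that would argue for coarser bands or a narrower question before the data leaves its home base.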

The future is bright; let’s not get bogged down in questions of “balance” when better paths exist that protect patients AND help grow the health economy.